1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Release Notes Archive</title>
11 <h2>The Samba Team is pleased to announce Samba 2.0.4</h2>
15 The Samba Team is pleased to announce Samba 2.0.4.
17 This is the latest stable release of Samba. This is the
18 version that all production Samba servers should be running
19 for all current bug-fixes.
21 Samba 2.0.4 now supports the viewing and modification of
22 UNIX security ownership and permissions from the standard
23 Windows NT client security dialog. More details may be found
24 in the NT_Security document included in this release.
26 It may be fetched via ftp from :
28 <a href="/samba/ftp/samba-2.0.4b.tar.gz">/samba/ftp/samba-2.0.4b.tar.gz </a>
30 Binary packages will be available shortly for many popular platforms.
31 Please check the main Web site or email announcements for details.
33 If you have problems, or think you have found a bug please email
36 <a href="mailto:samba-bugs@samba.org">samba-bugs@samba.org</a>
38 The WHATSNEW.txt file follows.
40 As always, any bugs are our responsibility,
46 -----------------------------------------------------------
47 WHATS NEW IN Samba 2.0.4
48 ========================
50 This is the latest stable release of Samba. This is the
51 version that all production Samba servers should be running
52 for all current bug-fixes.
54 New/Changed parameters in 2.0.4
55 -------------------------------
57 There are 5 new parameters and one modified parameter in
63 oplock break wait time
64 oplock contention limit
66 The new parameters are :
71 This option is used in "security=domain" settings and allows
72 the Samba admin to restrict access to users within the domain
73 the the Samba server is in.
78 This parameter allows the Samba admin to cause Samba to
79 refuse access to anonymous users. Use of this parameter
80 is only recommened for homogenous NT client environments.
85 This parameter was added to get around a bug in Windows NT
86 when dealing with Samba running on 32-bit systems (such
87 as Linux x86). This bug causes NT to send 64 bit locking
88 requests to 32-bit systems even though Samba correctly
89 tells the NT client not to do so. This option causes Samba
90 to map the lock requests from 64 bits to 32 bits on these
93 oplock break wait time
94 ----------------------
96 This tuning parameter, added to help with clients that don't
97 respond to oplock break requests, causes Samba to deley for
98 this number of milliseconds before sending an oplock break
99 request to a client that caused the break to be sent. The
100 default is 10ms. This is an advanced tuning parameter and
101 should not be changed lightly.
103 oplock contention limit
104 -----------------------
106 This tuning parameter causes Samba not to grant oplocks
107 when an smbd daemon notices that there have been this
108 many concurrent requests for an oplock on a file. This
109 prevents the "baton passing" oplock problem where many
110 clients accessing one file pass the oplock between themselves
111 like a baton. The default is 2. This is an advanced tuning
112 parameter and should not be changed lightly.
114 The modified parameter is :
119 This is a global parameter that defaulted to False in
120 the previous release (2.0.3) and now defaults to True
121 as the RPC code has been added to Samba to allow it to
122 map UNIX permissions to NT ACLs.
124 All of these new parameters and changes are documented in the
125 smb.conf man pages and html pages.
127 Updated and New documentation
128 -----------------------------
130 A new document describing the manipulation of UNIX permissions
131 via the Windows NT security dialogs and their interaction with
132 Samba 2.0.4 is provided as :
134 docs/textdocs/NT_Security.txt
135 docs/htmldocs/NT_Security.html
137 Bugfixes added since 2.0.3
138 --------------------------
140 1). Fix for 8 character password problem when using HPUX and
142 2). --with-pam option added to ./configure.
143 3). Client fixes for memory leak and display of 64 bit values.
144 4). Fixes for -E and -s option with smbclient.
145 5). smbclient now allows -L //server or -L \\server
146 6). smbtar fix for display of 64 bit values.
147 7). Endian independence added to DCE/RPC code.
148 8). DCE/RPC marshalling/unmarshalling code re-written to provide
149 overflow reporting and sign and seal support.
150 9). Bind NAK reply packet added to DCE/RPC code, used to correctly
151 refuse bind requests (prevents NT system event log messages).
152 10). Mapping of UNIX permissions into NT ACL's for get and set
154 11). DCE/RPC enumeration of numbers of shares made dynamic.
155 Samba now has no limit on the number of exported shares seen.
156 12). Fix to speed up random number seed generation on /dev/urandom
158 13). Several memory fixes added by running Purify on the code.
159 14). Read from client error messages improved.
160 15). Fixed endianness used in UNICODE strings.
161 16). Cope with ERRORmoredata in an RPC pipe client call.
162 17). Check for malformed responses in nmbd register name.
163 18). NT Encrypted password changing from the NT password dialog box
164 now fully implmented.
165 19). Mangle 64-bit lock ranges into 32-bits (NT bug!) on a 32-bit
167 20). Allow file to be pseudo-openend in order to read security only.
168 21). Improve filename mangling to reduce chance of collisions.
169 22). Added code to prevent granting of oplocks when a file is under
171 23). Added tunable wait time before sending an oplock break request
172 to a client if the client caused the break request. Helps with clients
173 not responding to oplock breaks.
174 24). Always respond negatively to queued local oplock break messages
175 before shutdown. This can prevent "freezes" on an oplock error.
176 25). Allow admin to restrict logons to correct domain when in domain
178 26). Added "restrict anonymous" patch from Andy (thwartedefforts@wonky.org)
179 to prevent parameter substitution problems with anonymous connections.
180 27). Fix SMBseek where seeking to a negative number sets the offset
182 28). Fixed problem with mode getting corrupted in trans2 request
183 (setting to zero means please ignore it).
184 29). Correctly become the authenticated user on an authenticated
185 DCE/RPC pipe request.
186 30). Correctly reset debug level in nmbd if someone set it on the
188 31). Added more checking into testparm
189 32). NetBench simulator added to smbtorture by Andrew.
190 33). Fixed NIS+ option compile (was broken in 2.0.3).
191 34). Recursive smbclient directory listing fix. Patch from E. Jay Berkenbilt
194 Bugfixes added since 2.0.2
195 --------------------------
197 1). --with-ssl configure now include ssl include directory. Fix
199 2). Patch for configure for glibc2.1 support (large files etc.).
200 3). Several bugfixes for smbclient tar mode from Bob Boehmer
201 (boehmer@worldnet.att.net) to fix smbclient aborting problems
202 when restoring tar files.
203 4). Some automount fixes for smbmount.
204 5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as
205 root. As no-one has given us root access to such a server this
206 cannot be tested fully, but should work.
207 6). Crash bug fix in debug code where *real* uid rather than
208 *effective* uid was being checked before attempting to rotate
209 log files. This fix should help a *lot* of people who were
210 reporting smbd aborting in the middle of a copy operation.
211 7). SIGALRM bugfix to ensure infinate file locks time out.
212 8). New code to implement NT ACL reporting for cacls.exe program.
213 9). UDP loopback socket rebind fix for Solaris.
214 10). Ensure all UNICODE strings are correctly in little-endian
216 11). smbpasswd file locking fix.
217 12). Fixes for strncpy problems with glibc2.1.
218 13). Ensure smbd correctly reports major and minor version number
219 and server type when queried via NT rpc calls.
220 14). Bugfix for short mangled names not being pulled off the
221 mangled stack correctly.
222 15). Fix for mapping of rwx bits being incorrectly overwritten
223 when doing ATTRIB.EXE
224 16). Fix for returning multiple PDU packets in NT rpc code. Should
225 allow multiple shares to be returned correctly).
226 17). Improved mapping of NT open access requests into UNIX open
228 18). Fix for copying files from an NTFS volume that contain
229 multiple data forks. Added 'magic' error code NT needs.
230 19). Fixed crash bug when primary NT authentication server
231 is down, rolls over to secondaries correctly now.
232 20). Fixed timeout processing to be timer based. Now will
233 always occur even if smbd is under load.
234 21). Fixed signed/unsigned problem in quotas code.
235 22). Fixed bug where setting the password of a completely fresh
236 user would end up setting the account disabled flag.
237 23). Improved user logon messages to help admins having
238 trouble with user authentication.
241 Bugfixes added since 2.0.1
242 --------------------------
244 1). Fixed smbd looping on SIGCLD problem. This was
245 caused by a missing break statement in a critical
248 Bugfixes added since 2.0.0
249 --------------------------
251 1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6
252 2). Autoconf changes to help HPUX configure correctly.
253 3). Autoconf changes to allow lock directory to be set.
254 4). Client fix to allow port to be set.
255 5). clitar fix to send debug messages to stderr.
256 6). smbmount race condition fix.
257 7). Fix for bug where trying to browse large numbers of shares
258 generated an error from an NT client.
259 8). Wrapper for setgroups for SunOS 4.x
260 9). Fix for directory deleting failing from multiuser NT.
261 10). Fix for crash bug if bitmap was full.
262 11). Fix for Linux genrand where /dev/random could cause
263 clients to timeout on connect if the entropy pool was
265 12). The default PASSWD_CHAT may now be overridden in local.h
266 13). HPUX printing fixes for default programs.
267 14). Reverted (erroneous) code in MACHINE.SID generation that
268 was setting the sid to 0x21 - should be *decimal* 21.
269 15). Fix for printing to remote machine under SVR4.
270 16). Fix for chgpasswd wait being interrupted with EINTR.
271 17). Fix for disk free routine. NT and Win98 now correctly
272 show greater than 2GB disks.
273 18). Fix for crash bug in stat cache statistics printing.
274 19). Fix for filenames ending in .~xx.
275 20). Fix for access check code wait being interrupted with EINTR.
276 21). Fix for password changes from "invalid password" to a valid
277 one setting the account disabled bit.
278 22). Fix for smbd crash bug in SMBreadraw cache prime code.
279 23). Fix for overly zealous lock range overflow reporting.
280 24). Fix for large disk disk free reporting (NT SMB code).
281 25). Fix for NT failing to truncate files correctly.
282 26). Fix for smbd crash bug with SMBcancel calls.
283 27). Additional -T flag to nmblookup to do reverse DNS on addresses.
284 28). SWAT fix to start/stop smbd/nmbd correctly.
286 Major changes in Samba 2.0
287 --------------------------
289 This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file
290 and print server for Windows systems.
292 There have been many changes in Samba since the last major release,
293 1.9.18. These have mainly been in the areas of performance and
294 SMB protocol correctness. In addition, a Web based GUI interface
295 for configuring Samba has been added.
297 In addition, Samba has been re-written to help portability to
298 other POSIX-based systems, based on the GNU autoconf tool.
300 There are many major changes in Samba for version 2.0. Here are
303 =====================================================================
308 Samba has been benchmarked on high-end UNIX hardware as out-performing
309 all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark.
310 Many changes to the code to optimise high-end performance have been made.
315 Samba now supports the Windows NT specific SMB requests. This
316 means that on platforms that are capable Samba now presents a
317 64 bit view of the filesystem to Windows NT clients and is
318 capable of handling very large files.
323 Samba is now self-configuring using GNU autoconf, removing
324 the need for people installing Samba to have to hand configure
325 Makefiles, as was needed in previous versions.
327 You now configure Samba by running "./configure" then "make". See
328 docs/textdocs/UNIX_INSTALL.txt for details.
330 4). Web based GUI configuration
331 -------------------------------
333 Samba now comes with SWAT, a web based GUI config system. See
334 the swat man page for details on how to set it up.
336 5). Cross protocol data integrity
337 ---------------------------------
339 An open function interface has been defined to allow
340 "opportunistic locks" (oplocks for short) granted by Samba
341 to be seen by other UNIX processes. This allows complete
342 cross protocol (NFS and SMB) data integrety using Samba
343 with platforms that support this feature.
345 6). Domain client capability
346 ----------------------------
348 Samba is now capable of using a Windows NT PDC for user
349 authentication in exactly the same way that a Windows NT
350 workstation does, i.e. it can be a member of a Domain. See
351 docs/textdocs/DOMAIN_MEMBER.txt for details.
353 7). Documentation Updates
354 -------------------------
356 All the reference parts of the Samba documentation (the
357 manual pages) have been updated and converted to a document
358 format that allows automatic generation of HTML, SGML, and
359 text formats. These documents now ship as standard in HTML
362 =====================================================================
364 NOTE - Some important option defaults changed
365 ---------------------------------------------
367 Several parameters have changed their default values. The most
368 important of these is that the default security mode is now user
369 level security rather than share level security.
371 This (incompatible) change was made to ease new Samba installs
372 as user level security is easier to use for Windows 95/98 and
375 ********IMPORTANT NOTE****************
377 If you have no "security=" line in the [global] section of
378 your current smb.conf and you update to Samba 2.0 you will
379 need to add the line :
383 to get exactly the same behaviour with Samba 2.0 as you
384 did with previous versions of Samba.
386 ********END IMPORTANT NOTE*************
388 In addition, Samba now defaults to case sensitivity options that
389 match a Windows NT server precisely, that is, case insensitive
392 The default format of the smbpasswd file has also been
393 changed for this release, although the new tools will read
394 and write the old format, for backwards compatibility.
396 =====================================================================
398 NOTE - Primary Domain Controller Functionality
399 ----------------------------------------------
401 This version of Samba contains code that correctly implements
402 the undocumented Primary Domain Controller authentication
403 protocols. However, there is much more to being a Primary
404 Domain Controller than serving Windows NT logon requests.
406 A useful version of a Primary Domain Controller contains
407 many remote procedure calls to do things like enumerate users,
408 groups, and security information, only some of which Samba currently
409 implements. In addition, there are outstanding (known) bugs with
410 using Samba as a PDC in this release that the Samba Team are actively
411 working on. For this reason we have chosen not to advertise and
412 actively support Primary Domain Controller functionality with this
415 This work is being done in the CVS (developer) versions of Samba,
416 development of which continues at a fast pace. If you are
417 interested in participating in or helping with this development
418 please join the Samba-NTDOM mailing list. Details on joining
421 <a href="http://samba.org/listproc/">http://samba.org/listproc/</a>
423 Details on obtaining CVS (developer) versions of Samba
426 <a href="http://samba.org/cvs.html">http://samba.org/cvs.html</a>
428 =====================================================================
430 If you have problems, or think you have found a bug please email
433 <a href="mailto:samba-bugs@samba.org">samba-bugs@samba.org</a>
435 As always, all bugs are our responsibility.
441 ----------------------------------------------------------------------